If you read this blog regularly, you know we believe the key to a united security defense is collaboration. In a world where every second counts, you can’t be trying to manually correlate activities across different products and teams. That’s why we design all of our products with REST APIs, so they not only play nice together, but also play well with your entire security stack. It’s why we push peer learning of automation and orchestration in our online exchange, and why we continue to build upon an open platform strategy. We aim to partner with the leading technology vendors in each area of security.
Last week, the move toward a collaborative defense got a boost when IBM announced a new initiative around collaborative security: the IBM Security App Exchange, with Bit9 + Carbon Black as a key launch partner.
This new platform will enable vendors, developers and universities to build feature-rich apps that connect directly into IBM Security products.
First to be opened up is IBM’s SIEM solution, QRadar. While you can read more about the announcement here, in this post I want to provide you a quick overview of the Carbon Black app now available and discuss why we think this is going to have a big impact on the way security products interact.
In one line, the Carbon Black App for IBM QRadar unites EDR and SIEM behind a single pane of glass for faster detection and incident response. By integrating Carbon Black with QRadar, you will be able to combine real-time endpoint data and incident response capabilities with QRadar’s existing network log and threat analytics capabilities.
Available live in the app store now, this application enables anyone running QRadar and Carbon Black to access Carbon Black detection and incident response features from within the QRadar console.
To download the app, all you need to do is visit https://exchange.xforce.ibmcloud.com/hub and log in with your IBM ID. If you don’t have one, it takes about 30 seconds to create, and it gives you access to not only the App Exchange but also IBM’s 700TB X-Force Threat Intelligence database.
Once logged in, you’ll immediately see the Carbon Black App for IBM QRadar featured on the right next to fellow Bit9 + Carbon Black Connect partners, Brightpoint Security and Exabeam. To download, simply click on the Bit9 + Carbon Black logo and hit the download button on the details page.
Now, let’s take a look at the app itself. Once installed, the app adds a new dashboard item to your main QRadar dashboard. This gives you quick and easy access to data about the status of your Carbon Black deployment.
Digging deeper, you will see we have integrated Carbon Black functionality into QRadar for faster investigations and incident response. Through IP contextual menus inside QRadar, an administrator can easily conduct a Carbon Black process search, sync a sensor, or isolate an endpoint from the network, starting from any relevant data item in QRadar.
Finally, Carbon Black exposes the ability to perform common operations from inside QRadar. Inside the app UI, you can quickly check the deployment status of your Carbon Black implementation, view watchlist hits, download a sensor if needed, and isolate a host from the network.
While we’ve seen the industry developing a lot of integrations designed to share data, the IBM App Exchange is one of the first that seeks to not only share data but embed features into security products, in a simple out-of-the-box way.
CISOs have always had to choose between buying an “integrated” platform, often composed of inferior technology, or a collection of point products that did not easily work well together. As the industry begins to move toward a collaborative defense, I expect we will see more companies looking to enable end-user experiences that go beyond integration and seek to create unified experiences from best-of-breed solutions across products from different vendors.
The Carbon Black App for IBM QRadar is a great example of how Bit9 + Carbon Black and our partners (IBM, Brightpoint, Exabeam, etc.) are continuing to push the envelope of collaboration to deliver better security and better user experiences for our customers.